Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-05-2002, 04:38 PM   #1
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103

Rep: Reputation: 15
RSA public key encryption/private key decription

Hallo all

I'm using the openssl package for a project I'm working on, and have come across the following in the RSA_public_encrypt man page.

"Raw RSA encryption. This mode should only be used to implement cryptographically sound padding modes in the application code. Encrypting user data directly with RSA is insecure."

What I would like to know is why this is insecure, and how does padding help. I've tried padding using RSA_PKCS1_OAEP_PADDING, but this causes data to encrypt to different "target" values. So say I encrypt the string "this string is to be encrypted" 5 or 6 times, I will end up with 5 or 6 different encrypted versions. For what I'm using it, this is not quite acceptable - the same string should encrypt to the same value each and every time (yes - this is probably slightly insecure - but it is needed). So what I did was pad whatever I get upto a multiple of 128 bytes with 0's (I still want to change this, based upon the input data pad it otherwise). Then encrypt each block of 128 bytes with no padding. Is this ok, or is it as the man pages suggest - REALLY BAD.

Thanks beforehand for all help

Old 08-08-2002, 07:25 AM   #2
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Maybe this, this or this can help.
*Citeseer has a *lot* of references, you just gotta know how to get to the actual text. Select a reference, select update, and the URI then is at the bottom of the page.

HTH somehow.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Which is better RSA or DSA public key? tarballedtux Linux - Security 12 02-03-2009 06:15 AM
SSH public/private key authentication with GnuPG keys? thinksincode Linux - Security 1 02-25-2005 02:33 PM
public/private key authentication with PuTTY NetAX Linux - Security 5 10-27-2004 06:00 PM
GPG Data, Secret Key but no Public Key? Aeiri Linux - Software 5 07-20-2004 06:00 PM
rsa private key keysize - how big? koningshoed Linux - Security 2 12-14-2002 03:05 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:22 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration